Cyber Security Consultant

The Cyber Security Consultant (CSC) is responsible for assisting with the day-to-day operations of securing the firms various information systems. Reporting to the Information Security Manager, the CSC is tasked with providing technical expertise in all areas of the network, system, and application security. The CSC works closely with the various teams in the Information Technology department to ensure that systems and networks are always designed, developed, deployed, and managed with an emphasis on strong, effective security and risk management controls. The CSC leads the firm's vulnerability management program, manages the annual cybersecurity assessments and penetration tests, and researches and reports on emerging threats, to help the firm take pre-emptive risk mitigation steps. The CSC effectively correlates and analyses security events within the context of AEW's unique environment to proactively detect threats and mitigate attacks before they occur.

Key Responsibilities

Expertise in defining, policies, procedures, implementation, monitoring for corporates adhering to cyber security framework standards.

Expertise in cyber security risk management process definition, implementation, review, monitoring and define mitigation plans.

Assesses new security technologies to determine the potential value for the enterprise.

research/evaluate emerging cyber security threats and ways to manage them

plan for disaster recovery and create contingency plans in the event of any security breaches

monitor for attacks, intrusions, and unusual, unauthorized, or illegal activity

test and evaluate security products

design new security systems or upgrade existing ones

use advanced analytic tools to determine emerging threat patterns and vulnerabilities of firm systems and networks.

engage in 'ethical hacking', for example, simulating security breaches

identify potential weaknesses and implement measures, such as firewalls and encryption

investigate security alerts and provide incident response

monitor identity and access management, including monitoring for abuse of permissions by authorized system users

liaise with stakeholders in relation to cyber security issues and provide future recommendations

maintain an information security risk register and assist with internal and external audits relating to information security

monitor and respond to 'phishing' emails and 'pharming' activity

assist with the creation, maintenance, and delivery of cyber security awareness training for colleagues

Demonstrable Requirements

A four-year college degree or equivalent industry training and certifications.

Three to five years of experience as a cyber security analyst or related position.

Knowledge of enterprise-class technologies such as firewalls, routers, switches, VPNs, Cloud, Servers, Dockers, Containers

Strong working experience with Cyber security technologies and products.

Strong writing skills, as well as the ability to articulate security-related concepts to a broad range of technical and non-technical staff.

Working experience with creating, implementing, and managing a threat hunting program within a corporate environment.

Demonstrated experience implementing and/or enforcing security and compliance frameworks such as NIST, Cobit, and ISO.

Be a proficient problem-solver that is able to work autonomously.

Desired Qualifications

One or more of the following certifications: CEH, CISM, CompTIA Security+, CISSP, GSEC

Experience with managing and securing both on-premise and hosted systems and applications.

Experience with application and database security.

. Ability to seek out vulnerabilities in IT infrastructures.